WASHINGTON, D.C. – Today, U.S. Senator Jacky Rosen (D-NV), member of the Senate Homeland Security and Governmental Affairs Committee (HSGAC), joined Senators Maggie Hassan (D-NH) and Krysten Sinema (D-AZ) in a letter to the U.S. Government Accountability Office (GAO) requesting a review on (1) efforts by the Department of Education (ED), the Department of Homeland Security (DHS), and other relevant federal agencies to assist school districts in securing themselves from cyber threats; and (2) plan, coordinate, and report on the effectiveness of federal cybersecurity assistance to schools. This letter comes in response to an increase in cyberattacks targeting schools during COVID-19.
“We are concerned about the extent to which K-12 schools are adequately protected from cyber threats as they expand or revise operations during the pandemic and beyond. Moreover, we would like to understand how Federal agencies coordinate school protection through information sharing, intelligence, and other resources that the Federal government has at its disposal in an effort to help schools combat cyber threats,” wrote the Senators. “We seek a review by the Government Accountability Office on efforts by Education, DHS, and other relevant federal agencies to assist school districts in securing themselves from cyber threats and the effectiveness of these efforts. We also request any recommendations GAO can offer to Congress to improve federal cybersecurity support for school districts..”
BACKGROUND: On October 2, 2020, following a ransomware attack on Clark County School District, Senator Rosen sent a letter urging DHS and ED to provide adequate support, guidance, and resources to help schools respond to and prevent cyberattacks. She followed up on her request when questioning the Acting Director of the Department of Homeland Security’s Cybersecurity Infrastructure Agency (CISA) during a December 2, 2020 hearing on state and local cybersecurity held by HSGAC’s Subcommittee on Federal Spending Oversight and Emergency Management.
The full text of the letter can be found here and below:
Dear Mr. Dodaro,
Across our nation, approximately 100,000 public schools serve more than 50 million students from kindergarten through 12th grade (K-12) and play an integral role in the educational, civic, and economic life of local communities. It is critical that the Government Accountability Office (GAO) review efforts by the Department of Education (Education), Department of Homeland Security (DHS), and other relevant federal agencies to assist school districts in protecting themselves from cyber threats.
Even before the COVID-19 pandemic, schools districts were increasingly reliant on technology for grading, enhancing educational offerings, and obtaining real time feedback on student and teacher performance.
In response to the pandemic, many K-12 schools shifted to offering some form of remote education, increasing their dependence on laptops, wireless internet access, and cameras and microphones. At the same time, potential threats from cyberattacks remain serious and prevalent. For instance, school districts in New Hampshire, Nevada, Arizona, and across the country have recently reported instances of ransomware attacks.
In 2015, the Government Facilities Sector Specific Plan identified Education’s Office of Safe and Drug Free Schools as the Sector Specific Agency (federal agency lead) for the Education Facilities Subsector. In that role, Education is responsible for coordinating with Federal and non-Federal partners to address risk management for schools, including cyberattack risks. In addition, DHS is authorized to support Federal and non-Federal sector partners by sharing information through its dedicated 24/7 coordination and information sharing operations center.
We are concerned about the extent to which K-12 schools are adequately protected from cyber threats as they expand or revise operations during the pandemic and beyond. Moreover, we would like to understand how Federal agencies coordinate school protection through information sharing, intelligence, and other resources that the Federal government has at its disposal in an effort to help schools combat cyber threats.
We seek a review by the Government Accountability Office on efforts by Education, DHS, and other relevant federal agencies to assist school districts in securing themselves from cyber threats and the effectiveness of these efforts. We also request any recommendations GAO can offer to Congress to improve federal cybersecurity support for school districts. We appreciate your prompt attention to this matter. For further information on our request, please contact Peter Su (Peter_Su@hsgac.senate.gov), Daniel Bleiberg (Daniel_Bleiberg@rosen.senate.gov), and Jackie Maffucci (Jackie_Maffucci@hsgac.senate.gov).
###